-
-
Notifications
You must be signed in to change notification settings - Fork 145
Rules
Nodir Temirkhodjaev edited this page Dec 25, 2024
·
5 revisions
Rules are for defining network rules for applications and global rules.
You can only add 1 rule per program, but you can add different preset rules to app rule.
- Rule's text can contain Filter Lines, separated with new line (
\n) - Filter Line can contain Filters, separated with
: - Filter Line can contain Sub-Filter Lines, wrapped by
{and} - Filter can contain optional name and values
- Filter's values can be wrapped by
(and) - Filter's can be negated by
!
Example:
104.21.5.235:udp(443)
172.67.154.192:udp(443)
This rule has 2 filter lines.
Example:
104.21.5.235:{
udp(443)
tcp(80):dir(in)
}
This rule has 1 filter line. Example's logic:
- the IP should be "104.21.5.235"
- AND ( the Port should be UDP 443 OR (TCP 80 AND incoming) )
Example:
1.1.1.1: !{ port(80):dir(out) }
Address 1.1.1.1 AND NOT (port 80 AND outgoing).
It's more effective to use values list in one filter, than several filter lines:
(
1.1.1.1
2.2.2.2
3.3.3.3
):(80, 443)
- "ip":
ip(1.1.1.1, 2.2.2.2/16, [::1])First filter's name is "ip" by default. - "port":
port(53, 80)IP address's next filter's name is "port" by default. - "local_ip"
- "local_port"
- "proto" or "protocol":
proto(TCP, UDP, ICMP, ICMPv6) - "icmp_type":
icmp_type(8, 10-18) - "icmp_code":
icmp_code(0-9) - "dir" or "direction":
dir(IN, OUT) - "area": predefined network areas
area(LOCALHOST, LAN, INET) - "profile": network interface's profile
profile(PUBLIC, PRIVATE, DOMAIN) - "tcp":
tcp(...)is optimized sugar for{ proto(TCP):port(...) } - "udp":
udp(...)is optimized sugar for{ proto(UDP):port(...) }
You can check the Rule's "Exclusive" flag to skip the rule's filters and preset rules, when the rule's filters is blocked. The flag is effective, when the Rule is Allowed only.
Example: Allowed Exclusive Rule with text "profile(PUBLIC)" and its presets. When current network profile is not Public (but Private or Domain), then the Rule will not be processed.
- rules max count = 1024
- global rules max count = 64
- rule's preset sub-rules max count = 32
- rule's max depth count = 7 (max level of {{{...}}})
- rule's preset sub-rules max depth count = 8 (max level of preset sub-rules)